Date: Sun, 27 Apr 2003 12:59:02 +0200
From: Antoine Jacoutot <ajacoutot@lphp.org>
To: freebsd-ipfw@freebsd.org
Subject: ipfw dynamic rule timeout
Message-ID: <200304271259.02025.ajacoutot@lphp.org>

Hi!

I hope this is the right list for this; I couldn't get any answer from -questions.

I'm having a problem with ipfw and dynamic rules timeout. For example, when I ssh to a distant machine, if I don't type anything for like 10 or 20 seconds, the connection is dropped.

I read this in the ipfw man page:

"Dynamic rules expire after some time, which depends on the status of the flow and the setting of some sysctl variables. See Section SYSCTL VARIABLES for more details. For TCP sessions, dynamic rules can be instructed to periodically send keepalive packets to refresh the state of the rule when it is about to expire."

So I tried the following command and got this output:

# sysctl -a | grep net.inet.ip.fw
net.inet.ip.fw.enable: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 500
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 168
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.static_count: 27
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_keepalive: 1

So, obviously, keepalive should work. Is there anything I should do besides setting net.inet.ip.fw.dyn_keepalive to 1 (which is the default value)?

I'm running FreeBSD-4.8-RELEASE with IPFW2.

Thanks in advance.

Antoine